HSM Solutions by Industry
Entrust nShield® HSMs are trusted by industries requiring protection against threats to their sensitive data, network communications and enterprise infrastructure.
Connected Vehicle Security
Automotive original equipment manufacturers (OEM) and their suppliers rely on Entrust nShield® HSMs for our expertise and experience in building data protection strategies. Our technology enables the root of trust needed to advance connected vehicle security and scale to meet the industry’s evolving demands.
New vehicles offer advanced features and functionality – along with vulnerabilities. Learn how Entrust nShield HSMs deliver solutions that help secure the connected vehicle.
Challenges
Attacks Via Connected Components
The addition of more connectivity to support vehicle infotainment systems, maintenance monitoring, and much more opens up new potential attack vectors. A vulnerability in one area could expose the whole system, as advanced attackers seek out pivot points to exploit.
Compromised Telemetry Transmissions
Telemetry data, which can be used for maintenance tracking or consumer devices plugged into the on-board diagnostics (OBD II) port, must be protected – in motion or at rest – in accordance with regional privacy mandates. Data transmitted by connected components needs to be authenticated to be sure it’s from a trusted source.
Unsecured Software and Firmware Updates
Like other connected devices, today's connected cars comprise components that may require software or firmware updates. Whether delivered over-the-air or at a service center, code updates sent to connected components present the potential for malicious behavior, as well as unintended errors or violations of organizational policies.
Solutions
Connected Component Authentication
To prevent unsecured components from interacting with vehicle systems and introducing malware or providing a pathway for an advanced attack, components need to be authenticated. Entrust nShield HSMs, along with supporting security software, enable manufacturers to give each connected component a unique identification that provides a root of trust along with the foundation for an effective public key infrastructure.
Protected Data-In-Transit
Encrypting telemetry and other data transmitted to/from the vehicle to support vehicle maintenance tracking or a vehicle-to-vehicle/infrastructure ecosystem provides protection against data theft and other compromises. Entrust nShield HSM products enable the authentication of connected components and provide encryption of data-in-transit to ensure data can be trusted.
Strong Code Signing
To ensure the integrity of software and firmware updates, and defend against the risks associated with code tampering or code that deviates from organizational policies, the code must be signed using a strong methodology. The recognized best practice entails using private keys protected by hardware security modules.
Benefits
Defense Against Malware and Brand Damage
Establishing cryptographically-based digital identities for connected vehicle components and securing code updates against tampering help to protect against malware and code tampering, thus safeguarding against unwanted sophisticated attacks, unauthorized modifications to vehicle performance and reputational damage.
Protection of Sensitive Data
Securing the transmission of telemetry data and other information broadcast to/from the vehicle helps to protect against data loss and the compromise of vehicle and driver safety. Protecting data in transit also helps fleet operators safeguard sensitive information about their vehicles and cargo.
Opportunities for Improved Customer Service and Revenues
With strong authentication in place, components can receive over-the-air (OTA) software and firmware updates, presenting a significant opportunity for manufacturers, who could open up new revenue streams and enhance driver satisfaction with the introduction of new features, while reducing the cost of issuing updates.
ZF Friedrichshafen AG secures wireless manufacturing with Entrust nShield HSMs
Leading manufacturer uses Entrust nShield HSMs to protect mission-critical processes and meet regulatory requirements.
Entrust nShield HSMs enable secunet’s automotive industry solutions
Using Entrust nShield HSMs, secunet has been established as an automotive industry partner in providing crypto backend systems for more than 15 years.
Data Encryption for Banks & Financial Services
Entrust nShield® HSMs offer comprehensive key management and protection to secure data across devices, processes, platforms, and environments. They help financial service providers protect their customers, meet government and industry data security compliance standards, facilitate security auditing, and avoid the reputational damage caused by data breaches.
Challenges
Regulatory Compliance
The data security compliance and regulation challenges alone are daunting for banking and financial services firms. Data-at-rest security requirements are found within PCI DSS for credit card related information, GLBA, SOX/J-SOX, NCUA, data privacy and data residency laws, and even the USA Patriot Act.
Securing Data
To protect their reputation, banking and financial services firms and their executives must safeguard critical financial data from exposure.
Protecting Against Insiders, APTs and Future Threats
As financial services’ online infrastructures evolve and increase in numbers, procedures need to be in place not only to protect the data, but also to identify unauthorized access and alert the organization to it.
Solutions
Strong Key Management
Entrust nShield Hardware Security Modules (HSMs) are hardened, tamper-resistant devices that help protect financial institutions’ most sensitive data by securely generating, managing and storing encryption and signing keys.
Secure Execution Environment
In addition to protecting your sensitive keys, Entrust nShield HSMs also provide a secure environment for running proprietary applications. The CodeSafe option lets you develop and execute code within Entrust nShield HSMs’ FIPS 140-2 Level 3 boundaries, safeguarding your applications from potential attacks.
Benefits
Alignment with Global Compliance and Regulatory Standards
Entrust’s adherence to rigorous standards helps you demonstrate compliance in regulated environments while delivering high confidence in the security and integrity of Entrust nShield HSMs.
Ready for Blockchain Applications
Entrust nShield HSMs help financial services organizations protect and manage the cryptographic keys that underpin blockchain and other distributed ledger applications. Entrust nShield HSMs enable enterprises to design architectures that provide the high-assurance security required for distributed ledgers.
Cyber Security Solutions for Government
Numerous national governments around the world and many of their member states and local jurisdictions have enacted laws regulating the security of the personal, strategic and other sensitive data they hold. Government agencies and the organizations that work with them may be subject to breach disclosure notification and substantial fines if they do not comply with the security mandates. Entrust nShield® HSMs provide solutions that help government agencies and their organizations secure their data and comply with these laws.
Entrust nShield HSMs Family
Entrust nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption and more. Available in three FIPS 140-2 certified form factors, Entrust nShield HSMs support a variety of deployment scenarios.
Technology Partner Program
The Entrust nShield HSMs technology partner program is a forum to forge valuable technical and business relationships. The program is designed to yield benefits for both of our companies and ultimately for our mutual customers. As a partner, you are considered an extension of Entrust, which means you have access to the information, tools and resources to ensure you are able to meet our joint customers’ business needs.
Entrust has collaborated with solution and application providers in financial services, retail, commercial and government markets for decades. Our joint solutions address a wide range of data protection-related business issues including cloud computing security, regulatory compliance, application security, intellectual property protection, secure credentialing, big data security and device credentialing for the Internet of Things.
Entrust nShield products that provide high assurance cryptographic services critical to these solutions include:
- HSMs that provide a hardened, tamper-resistant environment for performing secure cryptographic processing, key protection, and key management
- Remote HSM management and monitoring products that facilitate deployment in lights-out data centers
- Time stamping products that provide the ability to enforce nonrepudiation for electronic signing, to verify data and application integrity, and to ensure long-term auditability of electronic records
Working with Entrust means a partnership with a recognized world leader in security and data protection.
U.S. Federal Government Data Protection
Federal government agencies and their partners protect sensitive information with Entrust nShield HSM security solutions.
Healthcare
Entrust nShield® hardware security modules provide encryption key protection to help healthcare enterprises reduce the risks associated with holding patient data. Our flexible HSMs help strengthen organizational security and compliance postures, and mitigate the risk of a breach of valuable medical records.
Challenges
Compliant Protection of Structured and Unstructured Data
Healthcare institutions typically store and process multiple kinds of healthcare data, ranging from images and emails to medical records and payment information. This data, much of which is subject to HIPAA compliance or other privacy mandates, is stored on multiple devices, runs on multiple operating systems and is accessed by multiple users in multiple places.
Expanding Threat Landscape
Medical records are estimated to be worth as much as 10 times the value of a stolen credit card number. As attackers increase their sophistication, healthcare organizations must bolster their healthcare data security and compliance efforts. The unprecedented sharing of healthcare data across clinical applications, devices and facilities expands the potential attack surface - and the security manager's challenges.
Solutions
Encryption Key Management
Entrust nShield hardware security modules provide healthcare institutions a high-assurance root of trust to protect the keys underpinning encrypted medical records, both on-premises and in the cloud. Safeguarding the keys renders patient data unusable to attackers and improves your compliance with data privacy mandates.
Strong User Authentication
Entrust nShield HSMs can help you create high-assurance systems to authenticate employees using internal systems, and a variety of connected devices accessing the network.
Benefits
Protect Organizational Reputation and Revenues
Data breaches at healthcare organizations have increased operating costs and impacted executive careers from IT to the C-suite, but perhaps the greatest damage is to the long-term reputation (and long-term revenue potential) of the breached organization. Establishing a strong security and compliance posture helps defend the healthcare enterprise against negative reputational and financial impact.
Improve Compliance with HIPAA/HITECH, PCI DSS and More
Data privacy mandates specify that organizations that store and process patient data - and other personally identifiable information - must protect it against theft or other loss and prevent unauthorized access. Entrust nShield HSMs help organizations align with the HIPAA Security Rule and HITECH compliance requirements transparently - without changes to operational processes and the daily work of healthcare professionals.
Render Patient Records Unusable to Attackers
Attackers are motivated by the black market value of patient medical records. However, with Entrust nShield HSMs acting as a root of trust for data encryption keys, attackers will be unable to decrypt patient information.
Cyber Security in Manufacturing
The connected devices produced by high-tech manufacturers are attractive targets for cybercriminals, who seek opportunities to use devices for illicit activities, such as man-in-the-middle attacks, intercepted/manipulated data-in-transit and more. Entrust nShield® HSMs and data encryption solutions are trusted by manufacturers worldwide to address today's high-tech manufacturing security challenges.
Challenges
Attacks on Connected Devices
Devices or attackers impersonating a trusted device or user could use that status to conduct a range of illicit activities, such as a man-in-the-middle attack, tapping into corporate networks, and more. Advanced persistent threats can take control of device software to steal customer information or intellectual property.
Introduction of Unauthorized Code
Insufficient security over code updates can allow hackers an entry point to the device in order to launch attacks or steal data from the device itself. Without adequate security measures at the factory, unauthorized code can also be introduced during the production process itself.
Unauthorized Production Runs
Unsecured manufacturing processes can lead to production of unauthorized units that can be sold on the black market, either with authentic branding or white labeled. This exposes the organization to significant financial and reputational damage.
Solutions
Device Authentication with Digital Certificates
Manufacturers use Entrust nShield HSMs in conjunction with security applications to secure root signing keys and the issuance of digital certificates, which are injected into connected devices during the production process. Entrust nShield HSMs provide end-to-end protection of the certificate and key generation and the device insertion process, allowing for strong authentication of each device. Read our Polycom case study for a detailed example.
Secure Software and Firmware Updates
Without proper security over software and firmware updates, hackers can inject unauthorized code onto devices to launch attacks or establish a trusted connection to corporate networks. With strong authentication in place, using HSMs to establish a root of trust, the device can validate that any code being introduced comes from a trusted publisher.
Strong Code Signing
The best practice to confirm the integrity of code updates and defend against the risks associated with software tampering is to ensure that code is signed using highly secure signing processes, with private signing keys protected by HSMs. Entrust nShield HSMs are trusted by manufacturers worldwide to secure their critical keys.
Benefits
Protect Against Brand and Financial Damage
By defending against the production of unauthorized units you can mitigate the brand and financial damage associated with overbuilding and cloning, especially with remote manufacturing facilities.
Ensure Only Authorized Code is Running on Devices
By allowing only authorized code to run on devices you can defend against:
- Hackers using the device's trusted status to tap into networks or conduct man-in-the-middle attacks
- Software that sidesteps organizational policies
- Erroneous or malicious code introduced by vendors in your supply chain
Cost Savings and Revenue Opportunities
With the ability to update devices deployed in the field, you can reduce the time and costs associated with in-person updates. You can also deliver firmware updates that create new revenue opportunities through improved product performance or additional functionality.
Related Resources
Entrust nShield HSM Certified Systems Engineer Training Data Sheet
The nCSE provides the training to give your people the knowledge to get the most from your investment. Getting the best from your technology depends on how much you invest in it...
Data Security Compliance for Retail
Retailers recognize their data isn’t safe, and this threatens their profitability. Data not compliant with PCI DSS standards increases credit card costs on every transaction. The sophistication of today’s cybersecurity outlaws makes the question not “if data will be breached,” but “when.” Entrust nShield® HSM solutions can help retailers protect their data and meet PCI DSS requirements by making it useless to anyone who tries to steal it.
Challenges
Data at Risk
Reportable data breaches can not only have a negative effect on sales and reputation and generate credit monitoring costs and fines, but are also alleged to have cost senior executives and even CEOs their jobs.
PCI DSS Compliance Requirements
Data not compliant with PCI DSS standards increases credit card costs on every transaction and may put your organization at risk for fines.
Solutions
Encryption with Strong Key Management
Entrust and its technology partners make your most sensitive payment and customer data unreadable to unauthorized users through encryption combined with key management backed by FIPS and Common Criteria certified Entrust nShield Hardware Security Modules (HSMs).
Secure Execution Environment
In addition to protecting your sensitive keys, nShield HSMs also provide a secure environment for running proprietary applications. The CodeSafe option lets you develop and execute code within the nShield HSMs' FIPS 140-2 Level 3 boundaries, safeguarding your applications from potential attacks.
Benefits
Meet PCI DSS Requirements
Entrust nShield HSM solutions can help you protect your data and meet PCI DSS requirements by making it useless to anyone who tries to harvest it. Entrust nShield HSMs enable you to meet PCI DSS:
- 3.5: Protect keys against misuse or disclosure
- 3.5.1 and 3.5.2: Restrict access to keys and store them in fewest possible locations
- 3.6: Document and implement key management procedures
- 3.6.1 to 3.6.3: Securely generate, distribute, and store keys
- 3.6.4: Change keys periodically (also known as rollover)
- 3.6.5: Retire old or suspected compromised keys
- 3.6.6: Split knowledge and control of keys so that no one person can misuse them
- 3.6.7: Prevent substitution of keys
- 3.6.8: Document key custodians' agreement with policies
Sophisticated encryption and key management solutions that protect mission critical data and applications.
Entrust nShield and our partners offer comprehensive data encryption and key management solutions that protect data across devices, processes, platforms and environments. These solutions have no negative impact on business agility and help retailers protect their customers, meet government and industry compliance standards and avoid the damage to reputation caused by data breaches.
Strengthen authentication for payments and e-commerce using general purpose HSMs
Entrust nShield HSMs are independently certified to meet FIPS 140-2 and Common Criteria standards and are approved for other approaches that can reduce scope such as point-to-point encryption under PCI DSS guidelines.
Cyber Security for Retail Pharmacies
Retail pharmacies are in the uncomfortable position of needing to comply not only with PCI DSS standards but also with other regulations like HIPAA/HITECH, as well as protect their organizations from violating state, federal and local data breach statutes. Entrust nShield® HSM data protection solutions help retail pharmacies secure their data and comply with regulatory requirements through data-at-rest encryption and secure access controls to the encrypted information.
Challenges
PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) mandates that all organizations that accept, acquire, transmit, process, or store cardholder data must take appropriate steps to continuously safeguard all sensitive customer information.
HIPAA/HITECH Compliance
The HIPAA Security Rule requires covered organizations to implement technical safeguards to protect all Electronic Personal Healthcare Information (ePHI), making specific reference to encryption, access controls, encryption key management, risk management, auditing and monitoring of ePHI information.
The HITECH Act then expands the compliance requirement set, requiring the disclosure of data breaches of “unprotected” (unencrypted) personal health records (PHR), including those by business associates, vendors and related entities. Finally, the “HIPAA Omnibus Rule” of 2013 formally holds business associates liable for compliance with the HIPAA Security Rule.
International, Federal and State Regulatory Compliance
Data breach notification requirements on loss of personal information have increasingly been enacted by nations around the globe as well as by US State governments. Data breach disclosure laws and notification requirements vary by jurisdiction, but almost universally include a “safe harbor” clause if the data lost was in encrypted form.
The DEA’s requirements for EPCS include that the cryptographic module used to digitally sign data elements be at least FIPS 140-2 Level 1 validated and that the pharmacy application’s private key must be stored encrypted.
Solutions
Entrust nShield HSM Key Management
Entrust nShield HSMs and our technology partner key management solutions enable centralized management of encryption keys for environments and devices including Key Management Interoperability Protocol (KMIP) compatible hardware, Oracle and SQL Server TDE master keys, and digital certificates.
Benefits
Quick and Easy to Install
Entrust nShield HSMs and technology partner key management solutions work with most major operating systems, including Linux, UNIX and Windows servers in physical, virtual, cloud and big data Cardholder Data Environments (CDE).
Doesn't Slow System Performance
Customers typically report no perceptible impact to end-user experience when using Entrust nShield HSM solutions. Entrust nShield HSMs perform encryption and decryption operations at the optimal location of the file system or volume manager, taking advantage of hardware cryptographic acceleration, such as Intel® Advanced Encryption Standard-New Instructions (Intel® AES-NI) and SPARC Niagara Crypto, to speed the encryption and decryption of data.